ModSecurity gives Generic SQL injection protection error
Problem description
I got this error on my Cpanel server. It doesn't happen on every update, just some SQL.
[Sat Mar 11 03:48:18.409435 2017] [:error] [pid 31376:tid 140202228020992] [client 180.253.119.171] ModSecurity: Access denied with code 500 (phase 2). Pattern match "((alter|create|drop)[[:space:]]+(column|database|procedure|table)|delete[[:space:]]+from|update.+set.+=)" at ARGS:description. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "254"] [id "300015"] [rev "1"] [msg "Generic SQL injection protection"] [severity "CRITICAL"] [hostname ""] [uri "/app/marketwatch/edit-listing.php"] [unique_id "WMO50kPhgfkAAHqQRtMAAACP"]
What usually causes the SQL injection error, and how do I get rid of this error?
Recommended answer
Solve it using this article: https://othermachines.com/blog/drupal-modsec-and-post-wouldnt-save
So, mod_security got a false positive. I don't know why, but somehow it uses modsec rule id 300015 instead of 300016 like usual, and got caught on a false security rule. You can notice the id in [id "300015"]. So I edited the modsec whitelist in the file /usr/local/apache/conf/modsec2/whitelist.conf and added this:
# Disable generic SQL injection rules globally
# for Drupal content admin
# The path might vary depending on your code
<LocationMatch /node/[0-9]+/edit>
    # This is the important part
    <IfModule mod_security2.c>
        SecRuleRemoveById 300015
    </IfModule>
</LocationMatch>
<LocationMatch /admin>
    <IfModule mod_security2.c>
        SecRuleRemoveById 300015
    </IfModule>
</LocationMatch>
Don't forget to restart Apache afterward so it will take effect.
Update
Somehow the configuration location changes to /etc/apache2/conf.d/modsec2/whitelist.conf
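
Why ordinary text in the description field can trip rule 300015, as an added example that is not part of the original question or answer: it runs the pattern from the log line over constructed sample descriptions and reports the fragment that matches. Rewriting `[[:space:]]` as `\s` and matching case-insensitively are assumptions, since the rule's transformations are not shown on the page.

```python
import re

# Pattern copied from the log line on this page, with POSIX [[:space:]]
# rewritten as \s because Python's re module has no POSIX classes.
# Assumption: case-insensitive matching; the rule's transformations
# are not shown on the page.
RULE_300015 = re.compile(
    r"((alter|create|drop)\s+(column|database|procedure|table)"
    r"|delete\s+from"
    r"|update.+set.+=)",
    re.IGNORECASE,
)

# Constructed sample values for the "description" form field.
SAMPLES = [
    "Two bedroom flat near the station, recently renovated.",
    "Price update: the seller has set the rent = 500 per month.",
    "Please delete from the brochure any mention of the old garage.",
    "We will drop table lamps and chairs off on Monday.",
    "Updated kitchen, new settings for the thermostat.",
]


def matched_fragment(value):
    """Return the substring that triggers the rule, or None if the value passes."""
    m = RULE_300015.search(value)
    return m.group(0) if m else None


def audit(values):
    """Map each value to the fragment that would get the request denied."""
    return {v: matched_fragment(v) for v in values}


if __name__ == "__main__":
    for value, hit in audit(SAMPLES).items():
        print("BLOCKED" if hit else "ok     ", repr(hit), "<-", value)
```

The `update.+set.+=` alternative is the loosest one: any value containing "update", then "set", then an equals sign anywhere later is denied, which explains why only some saves fail.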